Hello Philip Guenther, It looks like your answer is the most valuable for me. So, by my understanding, the developer compiles and gets the *.tgz files, uploads them to the ftp server but he doesn't compile the sha256 checksum each times for those files. I don't know why, because i'm not familiar with the entire distribution process, maybe they take to much time. But from time to time, the developer makes it somehow that SHA256 has the good checksums inside.
Another thing I got recently from reading list is that *.iso file has its own cheksum mechanism once it is written to the cd so you don't need the actual sha256 for it. From my checks I can say that *.iso file may be older than actual individual files present on the ftp. >From now on, as an *.iso user I don't need the SHA256 then. If I'm mistaken again, please correct me. For the other guys answering, a big thank you also, but your answers were placed to a high level for me. For the people with jokes in mind, don't waste your time for an answer that brings more confusion than clarity. thanks